Microchip VSC6812-3.66 Manual


VSC6812
WebStaX Software Product Specification
VSC6812 Product Specification Revision 1.0
Table of Contents
1 Product Overview
1.1 Supported Switch Platforms
1.2 Terms and Abbreviations
1.3 Software Architecture
2 Supported Features
3 Features and Platform Capacity
4 System Requirements
5 Port and System Functionality
5.1 Port Functionality
5.2 System Functionality
6 Firmware Upgrade
7 Port Control
7.1 VeriPHY Support
7.2 PoE/PoE+ Support
8 Quality of Service (QoS)
8.1 Policing
8.2 Scheduling and Shaping
8.3 QCL Configuration
8.4 WRED
8.5 Ingress Port Classification
9 L2 Switching
9.1 VLAN
9.2 IEEE 802.3ad Link Aggregation
9.3 Bridge Protocol Data Unit (BPDU) Guard
9.4 DHCP Snooping
9.5 Storm Control
9.6 MAC Table Configuration
9.7 Mirroring (SPAN/VSPAN and RSPAN)
9.8 Spanning Tree
10 L3 Switching
10.1 IP Routing
10.2 ICMPv6
11 Security
11.1 802.1X and MAC-based Authentication
11.2 Port Security
11.3 Loop Protection
11.4 Authentication Authorization Accounting (AAA)
11.5 Secure Access
11.6 Users and Privilege Levels
11.7 Auth Method
11.8 Access Control List (ACLs)
12 Robustness and Power Savings
12.1 Robustness
12.2 Green Ethernet
12.3 VeriPHY
13 Management
13.1 Management Services
13.2 SNMP
13.3 SysLog
13.4 IP Management, DNS, and DHCPv4/v6
13.5 DHCP Server
13.6 DHCP Relay
13.7 Management Requirements
13.8 Management Access Filtering
13.9 Thermal Protection
13.10 Default Configuration
13.11 Configuration Upload/Download
13.12 Port Statistics
13.13 Network Time Protocol (NTP)
13.14 Loop Detection Restore to Default
13.15 Dual Image
14 SNMP MIBs
14.1 Standard MIBs
15 List of Changes
1 Product Overview
The WebStaX turnkey software package is a fully managed L2 switch application for the small-medium
enterprise (SME). This software package can be customized to support different port configurations with
or without stacking. It is built on an Embedded Configurable Operating System (eCos) to ensure cost
optimization without compromising efficiency. WebStaX supports the following major capabilities.
• RedBoot boot loader
• Web or XMODEM update and dual boot support
• Up to 16 units in a stack
• Single point of management (SPOM)
• Shortest path forwarding (SPF)
• Slave units as backup masters
• 8 ms worst case master reelect across the stack
Management is done using a Web Graphical User Interface (GUI), Command Line Interface (CLI) or
Simple Network Management Protocol (SNMP) running on the internal MIPS24Kec CPU. WebStaX is
highly integrated with switch features such as QoS Control Lists (QCLs), Access Control Lists (ACLs),
HW MAC table synchronization across the stack, and super priority management queue.
This document provides an overview of the switch and software features of WebStaX software and lays
the basis for further specifications. The supported configuration details including parameters and
limitations are beyond the scope of this document. The module specific requirement specifications and
configuration guides may be referred to for obtaining these details.
1.1 Supported Switch Platforms
This software is supported on a series of Microsemi switches ranging from 10, 24 to 48 ports with Power
over Ethernet (PoE) / non-PoE capabilities.
Table 1 • Supported Switches
Switch | CPU | Description
VSC7424 | MIPS 24Kec | SparX-III 10x1G Layer 2 switch
VSC7425 | MIPS 24Kec | SparX-III 18x1G Layer 2 switch
VSC7426 | MIPS 24Kec | SparX-III 24x1G Layer 2 switch
VSC7427 | MIPS 24Kec | SparX-III 26x1G Layer 2 switch
VSC7431 | MIPS 24Kec | E-StaX-III 24x1G + 2x12G stackable switch
VSC7432 | MIPS 24Kec | E-StaX-III 24x1G + 2x10/12G stackable switch
VSC7434 | MIPS 24Kec | E-StaX-III 24x1G + 4x10/12G stackable switch
VSC7442 | 500 MHz MIPS 24Kec | SparX-IV 52x1G Layer 2 / Layer 3 switch
VSC7444 | 500 MHz MIPS 24Kec | SparX-IV 44 26 Port Switch: 24×1G (Optical) + 2×10G Layer 2 / Layer 3 switch; 24×1G (Copper) + 2×10G Layer 2 / Layer 3 switch
VSC7448 | 500 MHz MIPS 24Kec | SparX-IV 80 52 Port Switch: 24×1G (Optical) + 4×10G Layer 2 / Layer 3 switch; 40×1G (Copper) + 4×10G Layer 2 / Layer 3 switch
1.2 Terms and Abbreviations
The following table provides the definitions of abbreviations used in this document.
Table 2 • Terms and Abbreviations
Term Definition
AAA Authentication Authorization Accounting
ACL Access Control List
API Application Programming Interface
BPDU Bridge Protocol Data Unit
CIST Common and Internal Spanning Tree
CLI Command Line Interface
EAPoL Extensible Authentication Protocol (EAP) over LAN
eCos Embedded Configurable Operating system
EEE Energy-Efficient Ethernet
GUI Graphical User Interface
ICMP Internet Control Message Protocol
IGMP Internet Group Management Protocol
IPMC IP Multicast
LACP Link Aggregation Control Protocol
LLDP Link Layer Discovery Protocol
MLD Multicast Listener Discovery
MVR Multicast VLAN Registration
NAS Network Access Server
NPI Network Peripheral Interface
OS Operating System
OUI Organizationally Unique Identifier
PoE Power Over Ethernet
QCL QoS Control List
RADIUS Remote Authentication Dial In User Service
RSTP Rapid Spanning Tree Protocol
SMB Small and Medium Businesses
SME Small and Medium Enterprises
SNMP Simple Network Management Protocol
SSDP Simple Service Discovery Protocol
SSM Source-Specific Multicast
TLV Type Length Value
UDLD Unidirectional Link Detection
VLAN Virtual LAN
1.3 Software Architecture
The WebStaX software provides stackable switch support. It consists of the following components.
• Operating system (eCos) for access to the hardware.
• Application Programming Interface (API) for a function library to control switches and PHYs.
• Control modules such as port control, MSTP, and VLAN to implement product features and
protocols. These modules may include threads and provide a management API for configuration
and monitoring.
• Management modules such as CLI, Web, and SNMP for interfaces to the system based on the
management API of the control modules.
The following illustration shows the architecture of the Microsemi managed application software and a
few control and management modules.
Figure 1 • Application Architecture (diagram: management modules CLI, Web, and SNMP over the management API; control modules Port, MSTP, and VLAN over the API; OS)
2 Supported Features
The following table shows the features supported by the WebStaX software.
Table 3 • Supported Features
Feature | SparX-III VSC7424-7 | E-StaX-III VSC7431/2/4 | SparX-IV VSC7442/4/8
"Port Control"
Port speed/duplex mode/flow control • • •
Per priority pause •
Port frame size (Jumbo frames) • • •
Port state (administrative status) • • •
Port status (link monitoring) • • •
Port statistics (MIB counters) • • •
Port VeriPHY (cable diagnostics) • •
PoE/PoE+ • •
PoE/PoE+ with LLDP • •
NPI port •
On-the-fly SFP detection • • •
"Quality of Service (QoS)"
Traffic classes (8 active priorities) • • •
Port default priority • • •
User priority • • •
QoS control list (QCL mode) • • •
Storm control for UC, MC, and BC • •
Storm control for UC, BC, and unknown •
Random Early Discard (RED) • •
Policers
Port policers • • •
Global/VCAP (ACL) policers • • •
Port egress shaper • • •
Queue egress shapers • • •
Scheduler mode • • •
"L2 Switching"
IEEE-802.1D bridge • • •
Auto MAC address learning/aging • • •
MAC addresses – Static • • •
IEEE-802.1Q • • •
Virtual LAN • • •
Private VLAN – Static • • •
Port isolation – Static • • •
VLAN trunking • • •
IEEE-802.1ad provider bridge (native or translated VLAN) • • •
IEEE-802.1Q-2005 • • •
Loop guard • • •
IEEE-802.3ad • • •
Link aggregation – Static • • •
Link aggregation – LACP • • •
IGMPv2 snooping • • •
Port mirroring • • •
"Security"
Network Access Server (NAS) • • •
Port-based 802.1X • • •
MAC-based authentication • •
Web and CLI authentication • • •
Web-based authentication •
ACLs for filtering/policing/port copy • • •
"Robustness and Power Savings"
Cold start • • •
Cool start • • •
Power Saving
ActiPHY • •
PerfectReach • •
EEE power management • •
LED power management • •
Thermal protection •
Adaptive fan control •
"Management"
Stack IP address •
Double VLAN tag management • •
DHCP client • • •
HTTP server • • •
Web with stack management •
CLI - console port • • •
CLI stack management •
Industrial standard CLI • • •
Industrial standard configuration • • •
Industrial standard CLI debug commands • • •
Management access filtering • • •
HTTPS • • •
System syslog • • •
Software upload via web • • •
SNMP v1/v2c/v3 agent • • •
SNMP multiple trap destinations • • •
IEEE-802.1AB-2005 Link Layer Discovery – LLDP • • •
Configuration download/upload - industrial standard • • •
Loop detection restore to default • •
Symbolic register access • • •
"Standard MIBs"
RFC 1213 MIB II • • •
RFC 1215 TRAPS MIB • • •
RFC 4188 bridge MIB • • •
RFC 3635 Ethernet-like MIB • • •
RFC 3411 SNMP management frameworks • • •
IEEE 802.1 MSTP MIB • • •
IEEE 802.1AB LLDP-MIB (LLDP MIB included in a clause of the STD) • • •
RFC 3621 LLDP-MED Power (POE) (No specific MIB for POE+ exists) • •
3 Features and Platform Capacity
The following table summarizes the features and platform capacity supported by the CE Services
software. The capacity mentioned in many cases is hardware, not software, constrained.
Table 4 • Features and Platform Capacity
Feature | Capacity on SparX-III VSC7424-7 | Capacity on E-StaX-III VSC7431/2/4 | Capacity on SparX-IV VSC7442/4/8
Resilience and Availability
IEEE 802.1s MSTP instances | 8 | 8 | 8
IEEE 802.3ad LACP - max LAGs | 12 | 24 LAGs and 32 GLAGs | 24 LAGs and 32 GLAGs
Traffic Control
Port-based VLAN | 4095 | 4095 | 4095
Private VLAN | 24 | 24 | 24
Voice VLAN | 1 | 1 | 1
MAC table size | 8k | 32k | 32k
Storm control | 1 – 1024 kpps in steps of 2^n where n = 0..25 (Global setting for Unicast, Multicast, and Broadcast) | 100 kbps – 1000 Mbps (per port for Unicast (known/learned), Broadcast, and Unknown (flooded Unicast and Multicast)) | 100 kbps – 1000 Mbps (per port for Unicast (known/learned), Broadcast, and Unknown (flooded Unicast and Multicast))
Jumbo frames supported | up to 9600 | up to 10056 | up to 10056
Security
Port security aging | 10 to 10000000s | 10 to 10000000s | 10 to 10000000s
Static MAC entries supported | 64 | 64 | 64
RADIUS authentication servers | 5 | 5 | 5
TACACS+ authentication servers | 5 | 5 | 5
RADIUS accounting servers | 5 | 5 | 5
Telnet/SSH v2 | 4 | 4 | 4
Max ARP inspection | 1K per system | 1K per system | 1K per system
IPSG entries | Up to 256 | Up to 512 | Up to 512
Policy-based security filtering | 512 | 512 | 512
Password length | 32 | 32 | 32
Authorization user levels | 15 | 15 | 15
ACE | 256 | 512 | 512
Number of logged in users | 20 | 20 | 20
4 System Requirements
WebStaX software supports the port and hardware system requirements listed in the following tables.
Table 5 • Port System Requirements
Requirement | SparX-III VSC7424-7 | E-StaX-III VSC7431/2/4 | SparX-IV VSC7442/4/8
Auto MDI/MDIX | Supported | Supported | Supported
Duplex capability per 10/100M | Half/Full | Half/Full | Half/Full
Fiber slots | Supported | Supported | Supported
LEDs per port | 1 | 1 | 1
Port packet forwarding rate | 1488000 pps (1000 Mbps) (with 64 byte); 148800 pps (100 Mbps); 14880 pps (10 Mbps) | 14880000 pps (10 Gbps); 1488000 pps (1000 Mbps) (with 64 byte); 148800 pps (100 Mbps); 14880 pps (10 Mbps) | 14880000 pps (10 Gbps); 1488000 pps (1000 Mbps) (with 64 byte); 148800 pps (100 Mbps); 14880 pps (10 Mbps)
RJ45 connectors | Supported | Supported | Supported
SFP+/SFP | SFP only supported | Both SFP/SFP+ supported | Both SFP/SFP+ supported
Speed capability per 10/100M and Gigabit port | Supported | Supported | Supported
Table 6 • Hardware System Requirements
Requirement Support
Power LED Supported by hardware
System LED Supported by hardware
Management LED Supported by hardware
Alarm LED Supported by hardware
Switch fabric capacity Supported by hardware
Forwarding architecture Supported by hardware
MAC address entries Supported by hardware
MAC address aging Supported by hardware
MAC buffer memory type and size Supported by hardware
CPU flash size Supported by hardware
CPU memory type and size Supported by hardware
System DDR SDRAM Supported by hardware
Reset button Supported by hardware
EMC/safety requirement Supported by hardware
Performance requirement Supported by hardware
5 Port and System Functionality
WebStaX software supports the following functionality.
5.1 Port Functionality
Capabilities of the SparX-IV, SparX-III, and E-StaX-III ports are as follows:
• All copper ports can be configured as full-duplex or half-duplex. If operating at 10/100 Mbps, they
support auto-sensing and auto-negotiation. Full-duplex, auto-sensing, and auto-negotiation are
supported on 1000 Mbps ports.
• Full-duplex flow control is supported according to the IEEE 802.3x standard.
• Half-duplex flow control is supported using collision-based backpressure.
• LEDs for all the ports are driven by the SGPIO and Shift registers.
• Different port-based configurations are supported on all available ports. For more information, see
"Supported Features" on page 5.
Interface capabilities details can be viewed by executing the show interface capabilities
command in the CLI interface.
5.2 System Functionality
The 8 to 48 port turnkey switch platform model switches can be supported using the WebStaX software
with wire speed Layer 2 Gigabit/Fast Ethernet switches, with an option to additionally support the PoE
functionality with partner vendors.
The turnkey switch software runs on the Embedded Configurable Operating System (eCOS v3.0). The
following system-wide operations are supported:
• Store-and-forward forwarding architecture.
• 8K MAC table entries on the SparX-III-based switch models and 32K MAC table entries on the
E-StaX-III and SparX-IV-based switches.
• Configurable MAC address aging support (300 seconds is default timeout value).
• Port packet-forwarding rates of 1488095 pps (1000 Mbps), 148810 pps (100 Mbps), and 14880
pps (10 Mbps).
• 128 Mbytes system DDR SDRAM is recommended for a typical 24 to 48 port switch.
• 16 Mbytes flash size is recommended for a typical 24 to 48 Port switch.
• IP routing is supported on E-StaX-III and SparX-IV in hardware and is supported in software on
the SparX-III family.
The following table shows some of the other features across the switch family.
Table 7 • Miscellaneous Features
Feature | SparX-III VSC7424-7 | E-StaX-III VSC7431/2/4 | SparX-IV VSC7442/4/8
Embedded Processor | 416 MHz | 416 MHz | 416 MHz
Integrated shared memory | 4 Mbit | 4 MByte | 4 MByte
MAC Table | 8K | 32K | 32K
Power | 4.5 W (8 port); 2.5 W (VSC741x) | 5 W (24 port) | 5 W (24 port)
6 Firmware Upgrade
The WebStaX firmware controlling the switch can be updated using one of the following methods.
• Web using the HTTP protocol
• CLI using the TFTP client on the switch
The software image selection information includes the following:
• Image: The file name of the firmware image
• Version: The version of the firmware image
• Date: The date when the firmware was produced
After the software image is uploaded from the Web interface, a Web page announces that the firmware
update is initiated. After about a minute, the firmware is updated and the switch restarts.
While the firmware is being updated, Web access appears to be defunct. The front LED flashes
Green/Off with a frequency of 10 Hz while the firmware update is in progress.
Warning: Do not restart or power off the device at this time or the switch may fail to function.
7 Port Control
WebStaX software supports the following Port Control features.
7.1 VeriPHY Support
VeriPHY is supported on the WebStaX software for running cable diagnostics to find cable shorts/opens
and to determine cable length.
7.2 PoE/PoE+ Support
The WebStaX software provides PoE/PoE+ support on the Caracal and Serval (except VSC741x) and
the Jaguar-1 and Jaguar-2 switch based solutions to comply with the IEEE802.3at and IEEE802.3af
standards of enabling the supply of up to 30 W per port and up to the total power budget.
• Texas Instruments Slus787
• SiliconLabs SI3452
8 Quality of Service (QoS)
WebStaX software provides support for the following rich Quality of Service (QoS) features.
8.1 Policing
The QoS ingress port policers are configurable per port and are disabled by default. The software allows
flow control to be enabled or disabled on the port policer. Flow control is disabled by default. If flow control is
enabled and the port is in flow control mode, then pause frames are sent instead of discarding frames.
8.2 Scheduling and Shaping
Each egress port implements a scheduler that controls eight queues, one queue (priority) per QoS class.
The scheduler mode can be set to Strict Priority or Weighted (Modified-DWRR). Strict Priority is selected
by default. It is possible to specify the weight for each of the queues (0 through 5).
Each egress port also implements a port shaper and a shaper per queue. The software allows
disabling/enabling the port and queue shaper as part of egress shaping. The port shaper and queue
shaper are disabled by default.
It is possible to specify the maximum bit rate in kbits per second or Mbits per second.
8.3 QCL Configuration
QoS classification based on basic classification can be overruled by an intelligent classifier called QoS
Control List (QCL).
The QCL consists of QCE entries where each entry is configured with keys and actions. The keys specify
which part of the frames must be matched and the actions specify the applied classification parameters.
When a frame is received on a port, the list of QCEs is searched for a match. If the frame matches the
configured keys, the actions are applied and the search is terminated.
The QCL configuration is a table of QCEs containing QoS control entries that classify to a specific QoS
class on specific traffic objects. A QoS class can be associated with a particular QCE ID.
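The first-match search described above, as an added example (not WebStaX code). The key names (vid, dscp, dport), action names, and sample entries are assumptions made for illustration; the second function flags entries that can never be reached because an earlier QCE already matches every frame they would match.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Frame:
    port: int                     # ingress port
    vid: int = 1                  # classified VLAN ID
    dscp: Optional[int] = None    # None for non-IP frames
    dport: Optional[int] = None   # None when there is no TCP/UDP header


@dataclass
class QCE:
    qce_id: int
    keys: dict      # field -> exact value or inclusive (lo, hi) range
    actions: dict   # classification parameters applied on a match


def _as_range(value):
    return value if isinstance(value, tuple) else (value, value)


def qce_matches(qce, frame):
    """A QCE matches only if every configured key matches the frame."""
    for name, want in qce.keys.items():
        have = getattr(frame, name)
        lo, hi = _as_range(want)
        if have is None or not lo <= have <= hi:
            return False
    return True


def classify(frame, qcl, port_default_class):
    """Basic (port default) classification, overruled by the first matching QCE."""
    result = {"qos_class": port_default_class.get(frame.port, 0),
              "dp_level": 0, "qce_id": None}
    for qce in qcl:
        if qce_matches(qce, frame):
            result.update(qce.actions)
            result["qce_id"] = qce.qce_id
            break                 # search terminates on the first match
    return result


def covers(earlier, later):
    """True if every frame matching `later` also matches `earlier`."""
    for name, want in earlier.keys.items():
        if name not in later.keys:
            return False          # later is a wildcard here, earlier is not
        e_lo, e_hi = _as_range(want)
        l_lo, l_hi = _as_range(later.keys[name])
        if l_lo < e_lo or l_hi > e_hi:
            return False
    return True


def find_unreachable(qcl):
    """Return (shadowed QCE ID, shadowing QCE ID) pairs in list order."""
    hits = []
    for i, later in enumerate(qcl):
        for earlier in qcl[:i]:
            if covers(earlier, later):
                hits.append((later.qce_id, earlier.qce_id))
                break
    return hits


# Constructed sample configuration (not taken from the specification).
PORT_DEFAULT_CLASS = {1: 0, 2: 3}
QCL = [
    QCE(1, {"dport": (5060, 5061)}, {"qos_class": 6}),
    QCE(2, {"vid": 20}, {"qos_class": 4, "dp_level": 1}),
    QCE(3, {"vid": 20, "dport": 5060}, {"qos_class": 7}),  # shadowed by QCE 1
]

if __name__ == "__main__":
    print(classify(Frame(port=1, vid=20, dport=5060), QCL, PORT_DEFAULT_CLASS))
    print(find_unreachable(QCL))
```

Because the search stops at the first match, the order of QCEs decides the outcome; running a reachability check after each change catches entries that silently stopped applying.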
8.4 WRED
While the random early detection (RED) settings are configurable for queues 0 to 5, weighted RED
(WRED) can be either disabled or enabled, and is disabled by default.
The minimum and maximum percentage of the queue fill level or drop probability can be configured
before WRED starts discarding frames.
By specifying a different RED configuration for the queues (QoS classes), it is possible to obtain the
WRED operation between queues.
8.5 Ingress Port Classification
Classification is the first step for implementing QoS. There is a one-to-one mapping between QoS class,
queue, and priority. The QoS class is represented by numbers; higher numbers correspond to higher
priority.
The features supported are as follows:
• Port default priority (QoS class)
• Port default Drop Precedence (DP level)
• Port default PCP
• Port default DEI
• DSCP mapping to QoS class and DP Level
• DSCP classification (DiffServ)
• Advanced QoS classification
9 L2 Switching
The WebStaX software supports the following rich L2 switching features.
9.1 VLAN
WebStaX software supports the IEEE 802.1Q standard VLANs. The default configuration is as follows:
• All ports are VLAN aware.
• All ports are members of VLAN 1.
• The switch management interface is on VLAN 1.
• All ports have a Port VLAN ID (PVID) of 1.
• A port can be configured to one of the following three modes:
– Access
– Trunk
– Hybrid
• By default, all ports are in Access mode and are normally used to connect to end stations.
• Access ports have the following characteristics:
– Member of exactly one VLAN, the Port VLAN (Access VLAN), which by default is 1
– Accepts untagged and C-tagged frames
– Discards all frames that are not classified to the Access VLAN
– On egress all frames classified to the Access VLAN are transmitted untagged. Others
(dynamically added VLANs) are transmitted tagged.
• The PVID is set to 1 by default.
• Ingress filtering is always enabled.
Trunk ports can carry traffic on multiple VLANs simultaneously, and are normally used to connect to other
switches. Trunk ports have the following characteristics:
• By default, a trunk port is a member of all VLANs (1-4095). This may be limited by the use of
allowed VLANs.
• If frames are classified to a VLAN that the port is not a member of, they are discarded.
• By default, all frames except those classified to the Port VLAN (also known as Native VLAN) get
tagged on egress. Frames classified to the Port VLAN do not get C-tagged on egress.
• Egress tagging can be changed to tag all frames, in which case only tagged frames are accepted
on ingress.
Hybrid ports resemble trunk ports in many ways, but provide the following additional port configuration
features.
• Can be configured to be VLAN tag unaware, C-tag aware, S-tag aware, or S-custom-tag aware
• Ingress filtering can be controlled
• Ingress acceptance of frames and configuration of egress tagging can be configured
independently
9.1.1 Private VLAN
In a private VLAN, communication between isolated ports in that private VLAN is not permitted.
Private VLANs are based on the source port mask, and there are no connections to VLANs. This means
that VLAN IDs and private VLAN IDs can be identical.
The PVLAN ID is only configurable on SparX-III, SparX-IV, and E-StaX-III 24 port switches.
The private VLAN feature is unavailable on the Dual E-StaX-III and SparX-IV-based switch models.
9.2 IEEE 802.3ad Link Aggregation
A link aggregation is a collection of one or more Full Duplex (FDX) Ethernet links. These links when
combined together form a Link Aggregation Group (LAG), such that the networking device can treat it as
if it were a single link. The traffic distribution is based on a hash calculation of fields in the frame:
• Source MAC Address: The source MAC address can be used to calculate the destination port
for the frame. By default, the source MAC Address is enabled.
• Destination MAC Address: The destination MAC address can be used to calculate the
destination port for the frame. By default, the destination MAC Address is disabled.
• IP Address: The IP address can be used to calculate the destination port for the frame. By
default, the IP Address is enabled.
• TCP/UDP Port Number: The TCP/UDP port number can be used to calculate the destination
port for the frame. By default, the TCP/UDP Port Number is enabled.
An aggregation can be configured statically or dynamically via the Link Aggregation Control Protocol
(LACP).
9.2.1 Static
Static aggregations can be configured through the CLI or the web interface. A static LAG interface does
not require a partner system to be able to aggregate its member ports. In Static mode the member ports
do not transmit LACPDUs.
9.2.2 Link Aggregation Control Protocol (LACP)
The LACP exchanges LACPDUs with an LACP partner and forms an aggregation automatically. LACP
can be enabled or disabled on the switch port. LACP will form an aggregation when two or more ports
are connected to the same partner.
The Key value can be configured to a user defined value or set to auto to calculate based on the link
speed in accordance with IEEE 802.3ad standard.
The role for the LACP port configuration can be selected as either Active to transmit LACP packets each
second, or Passive to wait for an LACP packet from a partner.
9.3 Bridge Protocol Data Unit (BPDU) Guard
This is provided as part of the Spanning Tree Protocol (STP) configuration settings. The BPDU guard is a
control that specifies whether a port explicitly configured as Edge will disable itself upon reception of a
BPDU. The port will enter the error-disabled state, and will be removed from active topology.
The Common and Internal Spanning Tree (CIST) port setting for the BPDU Guard is not subject to Edge
status dependency. For restricted role, CIST port setting may also be seen as a security measure.
9.3.1 BPDU Filtering
BPDU filtering is a control that specifies whether a port explicitly configured as Edge will transmit and
receive BPDUs. This is also provided as part of the STP configuration settings.
9.4 DHCP Snooping
DHCP snooping is used to block an intruder on the untrusted ports of the switch device when the
intruder tries to intervene by injecting a bogus DHCP (for IPv4) reply packet into a legitimate
conversation between the DHCP (IPv4) client and server.
DHCP snooping is a series of techniques applied to ensure the security of an existing DHCP
infrastructure. When DHCP servers allocate IP addresses to clients on the LAN, DHCP snooping can be
configured on LAN switches to harden the security on the LAN to allow only clients with specific IP/MAC
addresses to have access to the network.
Only specific IP addresses with specific MAC addresses on specific ports may access the IP network.
DHCP snooping also stops attackers from adding their own DHCP servers to the network. An attacker-
controlled DHCP server could cause malfunction of the network or even control it. The port role can be
set as Trusted or Untrusted in order to protect it.
9.5 Storm Control
Storm control on WebStaX software is done per system globally on SparX-III and SparX-IV-based
switches. Global storm rate control configuration for unicast frames, broadcast frames, and multicast
frames is supported and can be configured in pps on SparX-III switches.
On the E-StaX-III switch models, storm control is configured per port. Storm rate control configuration for
unicast frames, broadcast frames, and a storm rate control configuration for unknown (flooded) frames
can be configured in kbps, Mbps, fps, and kfps on the E-StaX-III-based switches.
Storm control is disabled by default.
9.6 MAC Table Configuration
MAC learning configuration can be configured per port.
• Auto: Learning is done automatically as soon as a frame with unknown Static MAC (SMAC) is
received.
• Disable: No learning is done.
• Secure: Only SMAC entries are learned, all other frames are dropped.
The static entries can be configured in the MAC table for forwarding. The user can enable/disable MAC
learning per VLAN. VLAN learning is enabled by default.
MAC aging is configurable to age out the learned entries.
MAC learning cannot be administered on each individual aggregation group.
9.7 Mirroring (SPAN/VSPAN and RSPAN)
WebStaX software allows selected traffic to be copied, or mirrored, to a mirror port where a frame
analyzer can be attached to analyze the frame flow. By default, Mirror monitors all traffic, including
multicast and bridge PDUs.
The software will support 'Many-to-1' port mirroring. The destination port is located on the local switch in
the case of Mirror. The switch can support VLAN-based mirroring.
Note: The mirroring session will have either ports or VLANs as sources, but not both.
9.8 Spanning Tree
WebStaX software supports the Spanning Tree versions IEEE 802.1D Spanning Tree Protocol (STP),
802.1w Rapid STP (RSTP), and 802.1s MSTP. The desired version is configurable and the MSTP is
selected by default.
The RSTP portion of the module conforms to IEEE 802.1D-2004 and the MSTP portion of the module
conforms to IEEE 802.1Q-2005.
IEEE 802.1s supports 16 instances.
The STP MSTI and CIST port configurations are allowed per physical port or aggregated port, as are
the STP MSTI bridge instance mapping and priority configurations.
Port Error Recovery is supported to control whether a port in the error-disabled state will automatically
be enabled after a certain time.
10 L3 Switching
WebStaX software provides support for the following rich L3 switching features.
10.1 IP Routing
WebStaX software static routing provides the ability to route IPv4 and IPv6 frames between different
VLANs. These VLANs may exist on different ports.
It should be noted that hardware has no L3 data plane, but control plane routing is supported in software
on Caracal/Serval. However, Jaguar and Jaguar 2 have the hardware support for routing. There is a
provision in the software API to assign at least two router legs to a given VLAN.
When an IP interface is configured, the corresponding interface route will be installed in the routing table.
In addition, the device administrator can install static routes in the routing table.
10.1.1 VLAN IP Interface Configuration
The IP stack can be configured to act either as a host or a router. The VLAN IP interface can be
configured with IPv4/IPv6 parameters for assigning an IP address corresponding to a VLAN.
• Host Mode: Traffic between interfaces will not be routed, and auto-configuration starts
automatically when each IPv6 interface starts operation (for example, triggered by link-up or
creation).
• Router Mode: Traffic is routed between all interfaces.
10.1.2 Static IP Route Configuration
The static IPv4 route can also be configured with a valid destination IPv4/IPv6 address/mask, gateway,
and a next hop VLAN. Support is available for the link-local address used as the next hop for IPv6 static
routes.
10.2 ICMPv6
ICMPv6-based ping is supported on these switches. Five ICMPv6 packets are transmitted to the
configured IP address, and the sequence number and roundtrip time are displayed upon reception of a
reply. The ping size is set to 56 and is configurable from 1 to 1452.
11 Security
WebStaX software supports the following security features.
11.1 802.1X and MAC-based Authentication
The IEEE 802.1X standard defines a port-based access control procedure that prevents unauthorized
access to a network by requiring users to first submit credentials for authentication. One or more central
servers, the backend servers, determine whether the user is allowed access to the network.
Unlike port-based 802.1X, MAC-based authentication is not a standard, but merely a best-practices
method adopted by the industry. In a MAC-based authentication, users are called clients, and the switch
acts as a supplicant on behalf of clients. The initial frame (any kind of frame) sent by a client is snooped
by the switch, which in turn uses the client's MAC address as both username and password in the
subsequent Extensible Authentication Protocol (EAP) exchange with the Remote Authentication Dial In
User Service (RADIUS) server.
The 6-byte MAC address is converted to a string in the following form: xx-xx-xx-xx-xx-xx. That is, a dash
(-) is used as separator between the lower-case hexadecimal digits. The switch only supports the MD5-
Challenge authentication method, so the RADIUS server must be configured accordingly. When
authentication is complete, the RADIUS server sends a success or failure indication, which in turn
causes the switch to open up or block traffic for that particular client, using the Port Security module. The
frames from the client are then forwarded to the switch. There are no EAP over LAN (EAPOL) frames
involved in this authentication, and therefore, MAC-based authentication has nothing to do with the
802.1X standard.
The advantage of MAC-based authentication over 802.1X-based authentication is that the clients do not
need special supplicant software to authenticate. The disadvantage is that MAC addresses can be
spoofed: equipment whose MAC address is a valid RADIUS user can be used by anyone. The
maximum number of clients that can be attached to a port can be limited using the Port Security Limit
Control functionality.
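The following is an added example, not code from the specification or from WebStaX: it models the MAC-based exchange described above, with the switch formatting the snooped MAC as xx-xx-xx-xx-xx-xx and the RADIUS side verifying an MD5-Challenge value computed as in RFC 3748 / RFC 1994. The function names, the sample MAC, the challenge and the user tables are constructed for illustration.

```python
import hashlib
import hmac

def mac_to_identity(mac: bytes) -> str:
    """Render a 6-byte MAC as xx-xx-xx-xx-xx-xx: lower-case hex, dash separated."""
    if len(mac) != 6:
        raise ValueError("a MAC address is exactly 6 bytes")
    return "-".join(f"{octet:02x}" for octet in mac)

def md5_challenge_value(identifier: int, secret: str, challenge: bytes) -> bytes:
    """MD5-Challenge response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret.encode("ascii") + challenge).digest()

def radius_check(users: dict, username: str, identifier: int,
                 challenge: bytes, response: bytes) -> bool:
    """Server side: recompute the value from the stored password and compare."""
    password = users.get(username)
    if password is None:
        return False                       # unknown user: reject
    expected = md5_challenge_value(identifier, password, challenge)
    return hmac.compare_digest(expected, response)

def switch_authenticates(users: dict, client_mac: bytes,
                         identifier: int, challenge: bytes) -> bool:
    """Switch side: the snooped source MAC is both username and password,
    so the credential proves nothing beyond the source address itself."""
    identity = mac_to_identity(client_mac)
    response = md5_challenge_value(identifier, identity, challenge)
    return radius_check(users, identity, identifier, challenge, response)

# Constructed sample data (not from the specification).
CLIENT_MAC = bytes.fromhex("001122aabbcc")
CHALLENGE = bytes(range(16))               # fixed only to keep the run repeatable
IDENTIFIER = 7

# User entry in the form the switch sends: accepted.
GOOD_DB = {"00-11-22-aa-bb-cc": "00-11-22-aa-bb-cc"}
# Same device entered with colons: the username lookup fails.
COLON_DB = {"00:11:22:aa:bb:cc": "00:11:22:aa:bb:cc"}
# Right username, upper-case password: the MD5 values differ.
UPPER_PW_DB = {"00-11-22-aa-bb-cc": "00-11-22-AA-BB-CC"}

if __name__ == "__main__":
    for label, db in (("dash/lower", GOOD_DB), ("colon", COLON_DB),
                      ("upper-case password", UPPER_PW_DB)):
        print(label, "->", switch_authenticates(db, CLIENT_MAC, IDENTIFIER, CHALLENGE))
```

Only the dash-separated, lower-case entry authenticates, which is the practical reason the RADIUS user records must follow the string form given above.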
In a port-based 802.1X authentication, once a supplicant is successfully authenticated on a port, the
whole port is opened for network traffic. This allows other clients connected to the port (for instance
through a hub) to piggy-back on the successfully authenticated client and get network access even
though they really are not authenticated. To overcome this security breach, use the Single 802.1X
variant.
Multi 802.1X is not an IEEE standard, but a variant that features many of the same characteristics. In
Multi 802.1X, one or more supplicants can get authenticated on the same port at the same time. Each
supplicant is authenticated individually and secured in the MAC table using the Port Security module. In
Multi 802.1X, it is not possible to use the multicast BPDU MAC address as destination MAC address for
EAPOL frames sent from the switch toward the supplicant because that causes all supplicants attached
to the port to reply to requests sent from the switch. Instead, the switch uses the supplicant's MAC
address, which is obtained from the first EAPOL Start or EAPOL Response Identity frame sent by the
supplicant. An exception to this is when no supplicants are attached. In this case, the switch sends
EAPOL Request Identity frames using the BPDU multicast MAC address as destination to wake up any
supplicants that might be on the port.
The maximum number of supplicants that can be attached to a port can be limited using the Port Security
Limit Control functionality.
When RADIUS-assigned QoS/VLANs are enabled globally and on a given port, the switch reacts to the
QoS Class/VLAN information carried in the RADIUS Access-Accept packet transmitted by the RADIUS
server when a supplicant is successfully authenticated. If QoS information is present and valid, traffic
received on the supplicant's port will be classified to the given QoS class in the case of RADIUS-
assigned QoS. Conversely, if VLAN ID is present and valid, the port's Port VLAN ID will be changed to
this VLAN ID, the port will be set to be a member of that VLAN ID, and the port will be forced into VLAN
Unaware mode. Once assigned, all traffic arriving on the port will be classified and switched on the
RADIUS-assigned VLAN ID.
RADIUS-assigned VLANs based on a VLAN name are also supported.
If (re-)authentication fails, or the RADIUS Access-Accept packet no longer carries a QoS class/VLAN ID,
or it's invalid, or the supplicant is otherwise no longer present on the port, the port's QoS class in the
case of RADIUS-assigned QoS, and VLAN in the case of RADIUS-assigned VLAN, are immediately
reverted to the original values (which may be changed by the administrator in the meanwhile without
affecting the RADIUS-assigned).
This RADIUS-assigned QoS or VLAN option is only available for single-client modes, namely Port-based
802.1X.
11.2 Port Security
Port security enables configuration of the port security limit control system and port settings. It is possible
to configure the port security limit aging per system.
Limit control enables limiting the number of users on a given port. A user is identified by a MAC address
and VLAN ID. If limit control is enabled on a port, the limit specifies the maximum number of users on the
port. If this number is exceeded, one of the following actions is taken.
• None
• Syslog
• Shutdown
• Syslog and Shutdown
The switch is configured with a total number of MAC addresses from which all ports draw when a new
MAC address is seen on a Port Security-enabled port. Because all ports draw from the same pool, it may
happen that a configured maximum cannot be granted, if the remaining ports have already used all
available MAC addresses.
11.3 Loop Protection
Loops inside a network are very costly because they consume resources and lower network
performance. Detecting loops manually can be very cumbersome and tasking. Loop protection can be
enabled or disabled on a port, or system-wide.
If loop protection is enabled, it sends packets to a reserved Layer 2 multicast destination address on all
the ports on which the feature is enabled. Transmission of the packet can be disabled on selected ports,
even when loop protection is on. If a packet is received by the switch with a matching multicast
destination address, the source MAC in the packet is compared with the switch's own MAC. If the MAC
does not match, the packet is forwarded to all ports that are members of the same VLAN, except the port
on which it came in, and is treated like a data packet. If the feature is enabled and the source MAC
matches the switch's own MAC, the port on which the packet is received will be shut down, logged, or
both, depending upon the action configured.
If the feature is disabled, the packet will be dropped silently. The following matching criteria are used:
DA = determined on customer requirement, AND
SA = first 5 bytes of switch SA, AND
Ether Type = 9003, AND
Loop protection is disabled by default, with an option to either enable globally on all the ports or
individually on each port of the switch including the trunks (static only). Loop protection will co-exist with
the (M)STP protocol being enabled on the same physical ports. Loop protection will not affect the ports
that (M)STP has put in non-forwarding state.
Group privilege levels are used only in the Web interface. The CLI privilege level works on each
individual command. User privilege should be the same as or greater than the privilege level for the group.
11.7 Auth Method
11.7.1 Authentication Method
This method allows configuration of how users are authenticated when they log into the switch from one
of the management client interfaces. The following configuration is allowed on the following management
client types.
• Console
• SSH
• Web
Methods that involve remote servers are timed out if the remote servers are offline. In this case the next
method is tried. Each method is tried from left to right (when entered in the CLI) and continues until a
method either approves or rejects a user. If a remote server is used for primary authentication, it is
recommended to configure secondary authentication as local. This will enable the management client to
log in using the local user database if none of the configured authentication servers are alive.
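The following is an added example, not code from the specification or from WebStaX: it models the left-to-right method order described above, showing that a reject from a reachable remote server is final and that the local database is consulted only after a timeout. The method names, user tables and the ServerOffline exception are constructed for illustration.

```python
import hmac

class ServerOffline(Exception):
    """Raised by a remote method when its servers do not answer before the timeout."""

def _password_ok(db: dict, user: str, password: str) -> bool:
    stored = db.get(user)
    return stored is not None and hmac.compare_digest(stored.encode(), password.encode())

def remote_method(db: dict, online: bool = True):
    def check(user, password):
        if not online:
            raise ServerOffline()
        return _password_ok(db, user, password)
    return check

def local_method(db: dict):
    return lambda user, password: _password_ok(db, user, password)

def login(methods, user: str, password: str):
    """Try methods left to right; return (granted, deciding_method, methods_tried)."""
    tried = []
    for name, check in methods:
        tried.append(name)
        try:
            granted = check(user, password)
        except ServerOffline:
            continue                      # timed out: fall through to the next method
        return granted, name, tried       # an approve or a reject ends the chain
    return False, None, tried             # every configured method timed out

# Constructed sample user tables.
REMOTE_DB = {"alice": "r-pass"}
LOCAL_DB = {"admin": "l-pass"}

if __name__ == "__main__":
    up = [("remote", remote_method(REMOTE_DB)), ("local", local_method(LOCAL_DB))]
    down = [("remote", remote_method(REMOTE_DB, online=False)), ("local", local_method(LOCAL_DB))]
    print(login(up, "alice", "r-pass"))    # remote approves
    print(login(up, "admin", "l-pass"))    # remote rejects; local is never asked
    print(login(down, "admin", "l-pass"))  # remote offline; local decides
    print(login(down[:1], "alice", "r-pass"))  # no local fallback: nobody can log in
```

The last case is the lockout that the recommendation to configure local as the secondary method avoids.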
11.7.2 Command Authorization Method Configuration
This configuration allows the administrator to limit the CLI commands available to the user from the
different management clients, Console and SSH. It is possible to set the privilege level and authorize
configuration commands.
11.7.3 Accounting Method Configuration
This configuration allows the administrator to configure command and Exec (login) accounting of the
user from the different management clients, Console and SSH. It is possible to set the privilege level and
enable exec (login) accounting.
11.8 Access Control List (ACLs)
The ACL consists of a table of ACEs containing access control entries that specify individual users or
groups permitted access to specific traffic objects such as a process or a program. The ACE parameters
vary according to the frame type selected.
Each accessible traffic object contains an identifier to its ACL. The privileges determine whether there
are specific traffic object access rights.
ACL implementations can be quite complex, for example, when the ACEs are prioritized for the various
situations. In networking, ACL refers to a list of service ports or network services that are available on a
host or server, each with a list of hosts or servers permitted to use the service. ACLs can generally be
configured to control inbound traffic, and in this context, they are similar to firewalls.
There are three rich configurable sections associated with the manual ACL configuration.
The ACL configuration shows the ACEs in a prioritized way, highest (top) to lowest (bottom). An ingress
frame will only get a hit on one ACE even though there are more matching ACEs. The first matching ACE
will take action (permit/deny) on that frame and a counter associated with that ACE is incremented. An
ACE can be associated with any combination of ingress port(s) and policy (value/mask pair). If an ACE
policy is created then that policy can be associated with a group of ports as part of the ACL port
configuration. There are a number of parameters that can be configured with an ACE.
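The following is an added example, not code from the specification or from WebStaX: it models the first-match evaluation described above, with each ACE bound to ingress ports and a policy value/mask pair, one counter per ACE, and a helper that reports which lower ACEs also matched a frame but never acted. The EtherType field as the frame-type parameter, the default action when no ACE matches, and all names and sample entries are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Ace:
    name: str
    action: str                           # "permit" or "deny"
    ports: Optional[frozenset] = None     # None matches any ingress port
    policy_value: int = 0
    policy_mask: int = 0                  # mask 0 ignores the port's policy ID
    ether_type: Optional[int] = None      # None matches any frame type (assumed field)
    hits: int = 0                         # counter for this ACE

    def matches(self, port: int, port_policy: int, ether_type: int) -> bool:
        if self.ports is not None and port not in self.ports:
            return False
        if (port_policy ^ self.policy_value) & self.policy_mask:
            return False
        return self.ether_type is None or self.ether_type == ether_type

def evaluate(acl, port_policy, port, ether_type, default_action="permit"):
    """Walk the ACEs top to bottom; only the first match acts and is counted."""
    policy = port_policy.get(port, 0)
    for ace in acl:
        if ace.matches(port, policy, ether_type):
            ace.hits += 1
            return ace.action, ace.name
    return default_action, None           # assumption: behaviour when nothing matches

def also_matching(acl, port_policy, port, ether_type):
    """Names of lower ACEs that match the frame too but are never reached."""
    policy = port_policy.get(port, 0)
    names = [a.name for a in acl if a.matches(port, policy, ether_type)]
    return names[1:]

def sample_acl():
    # Constructed entries, listed highest priority first.
    return [
        Ace("deny-arp-policy1", "deny", policy_value=1, policy_mask=0xFF, ether_type=0x0806),
        Ace("permit-ports-1-4", "permit", ports=frozenset({1, 2, 3, 4})),
        Ace("deny-rest", "deny"),
    ]

PORT_POLICY = {1: 1, 2: 1, 3: 0}          # ACL ports configuration: ingress port -> policy ID

if __name__ == "__main__":
    acl = sample_acl()
    for frame in [(1, 0x0806), (1, 0x0800), (3, 0x0806), (9, 0x0800)]:
        print(frame, evaluate(acl, PORT_POLICY, *frame))
    print({a.name: a.hits for a in acl})
    print(also_matching(acl, PORT_POLICY, 1, 0x0806))
```

Reordering the list changes the verdict for the ARP frame on port 1, so the output of `also_matching` is worth reviewing whenever an ACE is inserted above existing entries.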
The ACL ports configuration is used to assign a policy ID to an ingress port. This is useful to group ports
to obey the same traffic rules. Traffic policy is created under the ACL configuration. The following traffic
properties can be set for each ingress port.

